Vulnerability Information

Vulnerability Description

A remote overflow exists in the Network Security Services (NSS) library. The library fails to validate the length of the "challenge" field during negotiation of the SSLv2 protocol. This library is used by many commercial and open-source products to provide SSL services. Affected applications include the Netscape Enterprise web server, the SunONE web, directory, and mail servers, and a large number of open-source application servers. Successful exploitation of this issue may result in arbitrary code execution with the privileges of the vulnerable service, resulting in a loss of integrity.
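The missing validation described above, shown as an added defensive example (this is not NSS code and not taken from the original advisory): a parser for the SSLv2 CLIENT-HELLO body that bounds the declared challenge length to the 16 to 32 bytes the SSLv2 specification allows before copying it into a fixed-size buffer. The struct, function names and the zero-filled sample message are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define SSL2_MT_CLIENT_HELLO 1
#define SSL2_CHALLENGE_MIN 16 /* SSLv2 spec: 16 <= CHALLENGE-LENGTH <= 32 */
#define SSL2_CHALLENGE_MAX 32

struct ssl2_hello { /* hypothetical struct, not an NSS type */
    uint16_t version, cipher_len, sid_len, challenge_len;
    uint8_t challenge[SSL2_CHALLENGE_MAX]; /* fixed-size destination */
};

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Parse a CLIENT-HELLO body (record header already stripped).
 * Returns 0 on success, -1 on any inconsistent or out-of-range length. */
int ssl2_parse_client_hello(const uint8_t *msg, size_t len, struct ssl2_hello *out)
{
    if (!msg || !out || len < 9 || msg[0] != SSL2_MT_CLIENT_HELLO) return -1;
    out->version = be16(msg + 1);
    out->cipher_len = be16(msg + 3);
    out->sid_len = be16(msg + 5);
    out->challenge_len = be16(msg + 7);
    /* Cipher specs are 3 bytes each; session id is empty or 16 bytes. */
    if (out->cipher_len == 0 || out->cipher_len % 3 != 0) return -1;
    if (out->sid_len != 0 && out->sid_len != 16) return -1;
    /* Bound the peer-supplied challenge length before any copy. */
    if (out->challenge_len < SSL2_CHALLENGE_MIN ||
        out->challenge_len > SSL2_CHALLENGE_MAX) return -1;
    /* Declared lengths must account for exactly the bytes received. */
    size_t need = (size_t)9 + out->cipher_len + out->sid_len + out->challenge_len;
    if (need != len) return -1;
    memcpy(out->challenge, msg + 9 + out->cipher_len + out->sid_len, out->challenge_len);
    return 0;
}

/* Constructed sample: one cipher spec, no session id, zero-filled challenge. */
int check_sample(uint16_t challenge_len)
{
    static uint8_t buf[9 + 3 + 0xFFFF]; /* static storage starts zeroed */
    struct ssl2_hello h;
    buf[0] = SSL2_MT_CLIENT_HELLO;
    buf[2] = 2; /* version 0x0002 */
    buf[4] = 3; /* cipher_len = 3 */
    buf[7] = (uint8_t)(challenge_len >> 8);
    buf[8] = (uint8_t)(challenge_len & 0xFF);
    return ssl2_parse_client_hello(buf, (size_t)12 + challenge_len, &h);
}
```
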

Timeline

Disclosure date: 2004-08-23

Discovery date: Unknown

Exploit date: 2004-08-25

Solution date: Unknown

Solution

The solution to this vulnerability depends on the affected application. In most situations, you can simply replace the NSS library with the latest version from the Mozilla Organization. Version 3.9.2 and newer of the NSS library are not vulnerable to this flaw. In the case of commercial applications, the vendor should be able to provide you with a patched version of the product. It is also possible to correct the flaw by implementing the following workaround(s):
Disable the SSLv2 protocol and all SSLv2 ciphers. The process for accomplishing this task depends on the specific application.

Unaffected Versions

Mozilla Network Security Services (NSS) 3.9.2

Vulnerability Discussion

NSS is prone to a remote heap-overflow vulnerability because it fails to perform sufficient boundary checks. Successful exploits may allow arbitrary code to run and may grant the attacker unauthorized access to a vulnerable computer.

The NSS library is commonly used by Netscape Enterprise Server and Sun One/iPlanet servers. The SSLv2 protocol is not enabled by default on these servers. Other products may be affected as well.

Exploit

Core Security Technologies has developed a working commercial exploit for its CORE IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild.